The 1995 Convention on the Protection of the Financial Interests of the European Communities (hereafter “PIF Convention”) already acknowledged “that businesses play an important role in the areas financed by the European Communities and that those with decision-making powers in business should not escape criminal responsibility in appropriate circumstances.”1 The PIF Convention, therefore, stipulated in Art. 3 a provision on the criminal liability of heads of business.2 Later, the Second Protocol to the PIF Convention extended criminal liability to legal persons.3 From then on, in the EU’s criminal policy, individual criminal liability of senior corporate officials for severe failures of management duties and responsibilities for PIF offenses has been complemented with corporate criminal liability.4

The approach of the EU, requiring in particular, the imposition of criminal liability on heads of business for grave management failures, was certainly innovative at that time. It signaled that, in the eyes of the EU legislature, individual criminal liability of low-level employees, corporate criminal liability, and compliance schemes were not a sufficient basis for a sustainable and effective legal program to deter PIF offenses.

This early commitment of the EU legislature of working towards a level playing field for the liability of heads of business within the Area of Freedom, Security and Justice seems, however, to have been discontinued. In 2012, the EU Commission tabled a Proposal for a Directive on the fight against fraud concerning the Union’s financial interests by means of criminal law (hereafter “PIF Directive”).5 The PIF Directive aims at “lisbonising”6 the PIF acquis and will, therefore, replace the PIF Convention and its Protocols. However, the envisaged new EU legal framework no longer contains any provision on the criminal liability of heads of business.

In contrast to the development in the PIF field, in the financial sector, the call for individual criminal liability of corporate officials is becoming increasingly louder in the Member States. In general, in the aftermath of the global financial crisis, only a few heads of business have been charged with financial crimes.7 To shareholders of financial institutions, the impunity of senior managers gave the impression that they were the ones who ultimately suffered instead of the senior managers, whose actions caused the collapse of the financial institutions.8 Because taxpayers’ money was used to save the bankrupt financial institutions, regulators have been severely criticized for their inability to sanction the senior individuals responsible for the institutions’ wrongdoing.9 The discussion was not limited to criminal liability stricto sensu but has also included liability under punitive administrative law. In the following, the term punitive liability will stand for both criminal liability and liability under punitive administrative law.

These critiques led several countries to reconsider the punitive liability of heads of business in the financial industry. The 2015 reform of the UK regulatory regime for financial services is a recent example that characteristically reflects the trend towards increased individual liability on the part of heads of business for “bad management” by introducing the so-called senior managers’ regime (hereafter “SMR”).10 Such developments echo the approach of the new European regulatory framework in the area of financial and banking services11 that requires Member States to impose punitive administrative sanctions not only against legal persons, but also against natural persons.

This article argues that punitive liability of heads of business represents a pillar in the enforcement of the PIF acquis. The article begins with some conceptual clarification as to the notion and scope of punitive liability of heads of business and give a brief overview of the existing EU legislation. The rather modest approximation achieved so far in the PIF acquis will be compared with developments in the financial sector. The concluding remarks assert that the inconsistent allocation of responsibility and liability to the corporation, its senior officials, and other (lower-level) employees results in an enforcement gap in relation to crimes affecting the EU’s financial interests and undermines the legal protection of the individual head of business in the Area of Freedom, Security and Justice.

I. Notion and Scope of Liability of Heads of Business

The need for and added value of introducing criminal liability of heads of business has been long discussed both in Europe and the US.12 From a criminal law viewpoint, the core idea of liability of heads of business is to punish managers and corporate officials for failing to prevent the wrongs committed by others, especially lower-level employees. This failure can take different forms. For instance, a head of business may be aware of the criminal behavior of others, but willfully refuse to intervene, or he/she may suspect what is happening, or will most likely happen, but deliberately turn a blind eye to the behavior, even though the matter clearly requires further investigation. He/she may also negligently fail to exercise sufficient control over other persons, even though he/she is in a position to do so and is expected to supervise them.

Therefore, criminal liability of heads of business may take different legal forms. It can be autonomous or derived liability, based on intent, dolus eventualis/recklessness, or negligence. The main difficulty is determining which legal duties of the heads of business may qualify as a basis for criminal liability, as well as to assess whether these duties have been met in practice or not. A related question is whether the head of business’s duty of control and supervision is based on a general legal duty of care or on specific legal duties of care. Furthermore, these duties are most likely also entrenched in corporate governance rules, which determine the allocation of decision-making powers and control within the corporation.13

In addition, a further relevant dimension when analyzing the liability of heads of business is that of administrative law. Legal systems usually create different, alternative, or complementary enforcement tools to tackle corporate crime. For instance, in European systems, criminal enforcement is often augmented by administrative enforcement. In fact, national approaches to the punitive liability of heads of business vary from extending the general principles of criminal participation, to providing for specific rules of liability in the general or the special parts of the criminal code or in administrative law. Some Member States, such as the Netherlands, pursue a double track approach by providing for the administrative liability of the “leading person” (“leidinggevenden”) in administrative law14 and for the “vicarious liability” of the supervisor for the offenses committed by the legal person according to the criminal code,15 thus leading to the cumulative criminal liability of the head of business and the legal person.16 Germany still excludes corporate criminal liability. It allows, however, for liability of heads of business in the general part of the criminal code17 as well as within the regime on administrative regulatory offenses.18 Finland provides for the criminal liability of both heads of businesses and heads of corporations but lacks punitive administrative liability.19 Conversely, Poland has a well-developed regime of punitive administrative enforcement, while also providing for extensive rules on participation in the commission of the offense. Paradoxically, its legislation contains a regime of corporate liability, but it is not used in practice.20 France provides for various criminal provisions specifically targeting senior managers of limited companies and other entities.21

These examples indicate that national criminal justice systems approach the punitive liability of heads of business in fundamentally different ways. Although the examples are of a general scope, i.e., not only limited to punitive liability in relation to PIF offenses, such variation in national approaches is surprising in light of the decade-long efforts of the EU Commission to approximate the criminal liability of heads of business for PIF offenses.

II. Punitive Liability of Heads of Business for PIF Offenses

Against the backdrop of the important role that business and, in particular, its senior officials play in committing PIF offenses, and being mindful of the above-mentioned diversity of national approaches,22 Art. 3 of the PIF Convention included a provision on the harmonization of the criminal liability of heads of business in order to better protect the EU’s financial interests. Accordingly, “each Member State shall take the necessary measures to allow heads of business or any persons having power to take decisions or exercise control within a business to be declared criminally liable in accordance with the principles defined by its national law in cases of fraud affecting the European Community's financial interests, […], by a person under their authority acting on behalf of the business.”

The wording of Art. 3 was repeated verbatim in the provision of Art. 6 of the Convention on the Fight against Corruption involving Officials of the European Communities and Officials of Member States of the European Union.23 Provisions on the criminal liability of heads of business were also included in the Protocols attached to the PIF Convention. Art. 7(1) of the 1996 Protocol to the Convention states that criminal liability of heads of business should also be provided in cases of corruption.24 Art. 12 of the 1997 Protocol to the Convention refers directly to Art. 3 of the PIF Convention as also being applicable in cases of money laundering.25

Although Art. 3 of the PIF Convention was innovative in its approach to introducing criminal liability of heads of business, its harmonizing effect was, however, rather modest. This is mainly due to the reference in the provision to “the principles defined by [the] national law” of the implementing Member State. This was understood by the Member States as a possibility to shape freely the punitive liability of heads of business for PIF offenses. This was confirmed both by the 2004 and the 2008 Commission reports on the implementation of the PIF Convention,26 which noted considerable gaps in the implementation of the cited provision in the Member States. The 2004 report stated that “the Member States have shown a certain reluctance to scrutinise their national systems with regard to the concept of criminal liability of heads of businesses. [..] Member States are simply relying on what is already to be found in their national laws. The Commission is not convinced that the reference to existing domestic provisions is sufficient and believes that incompatibilities continue to exist by virtue of the fact that a decision-maker is liable under different circumstances depending on the country concerned.”27 This rather negative evaluation of the Commission was largely reiterated in the 2008 report,28 indicating that Member States made little progress in implementing the criminal liability of heads of business for PIF offenses.

The reluctance of the Member States vis-à-vis this type of criminal liability cannot, however, be explained by traditional sovereignty concerns alone, which are even more apparent as regards the general part of substantive criminal law.29 Implementing Art. 3 of the PIF Convention undeniably confronted national legislatures with a series of important conceptual questions: Precisely who should be considered heads of business?30 What type of behavior should they be held responsible for (lack of control, aiding and/or abetting)? How are the actions or omissions of subordinates attributable to them? If mens rea is not required for the assumption of criminal liability, should it be based on vicarious or strict liability schemes? How does this relate to the general principles of criminal law, such as the principle of individual guilt? And, if mens rea is required, does this lead to evidentiary issues? What role is there for punitive administrative law?

The complexity of these questions coupled with the timid efforts of the Member States to implement Art. 3 of the PIF Convention led the authors of the Corpus Juris to propose a European model provision.31 Art. 13 of the Corpus Juris32 stipulated criminal liability in cases of offenses defined by the Corpus Juris when such offense had been committed for the benefit of the business by a person acting under the authority of another person who was the head of business, or who controlled or exercised the power to make decisions within it, provided that the head of business had “knowingly allowed the offence to be committed.” Art. 13(3) extended the criminal liability of the head of business to situations where the head of business failed to exercise the necessary supervision over the person under his/her authority, if such failure facilitated the commission of the offense. The model of the Corpus Juris required intent for the criminal liability of the head of business33 and thereby rejected vicarious or strict liability. Although the model of the Corpus Juris was rather restrictive due to the required mens rea, it seems not have had any practical impact on shaping the respective laws in the Member States.

This brief overview shows that the main weakness of the pre-Lisbon EU legal framework on the criminal liability of heads of business was its large reliance on principles of national law. Member States have come up with divergent solutions, some even being reluctant to accept this form of liability.

The need for the criminal liability of heads of business with regard to the protection of the EU’s financial interests was again put on the table in the context of the proposed PIF Directive. The impact assessment accompanying the Commission’s proposal restated the considerations already expressed in the 2004 and 2008 Commission reports on the implementation of the PIF Convention.34 In more detail, the impact assessment noted that some Member States apply restrictive definitions requiring that the persons within its scope hold a certain formal level of power in the organization, or only hold them criminally liable if they know and support the concrete criminal conduct of their subordinates. This unduly restricts liability to those holding official power with effect outside the organization. The intentional breach is often committed at a preparatory stage by employees who do not hold positions with effect outside the organization, e.g., members of committees, assistants to the board of directors, etc. In addition, problems in finding and admitting evidence often prevent the sanctioning of the actual perpetrator within the organization, resulting in impunity.

This diversity of national approaches has been understood as an expression of the lack of consensus on the matter among the Member States. Confronted with the resistance of the Member States and the relatively small success of the harmonization of punitive liability of heads of business, the EU Commission decided to drop the provision on the criminal liability of heads of business as a political compromise when drafting the new PIF Directive. It is worth noting that not even the relevant discussions in the European Parliament35 and the Council36 make any reference to the issue.

III. The competence of the EU to legislate on the Punitive Liability of Heads of Business for PIF Offenses

The fact that the PIF Directive is silent on the punitive liability of heads of businesses is certainly not liable to a lack of competence of the EU legislature to regulate on the matter, but it rather reflects a deliberate policy choice. Both Art. 325(4) TFEU and Art. 83(2) TFEU provide the EU legislature with the necessary competence to act.

Originally, the European Commission grounded its Proposal for the PIF Directive on Art. 325(4) TFEU. It claimed that Art. 325(4) TFEU constitutes lex specialis compared to Art. 83(2) TFEU for adopting criminal law provisions in the specific field of the protection of EU’s financial interests.

The Impact Assessment37 and the Explanatory Memorandum38 accompanying the Commission’s Proposal claimed that the reference in Art. 325(1) TFEU to “deterrent” confers the competence on the EU to adopt criminal law provisions based on this article. In the Commission’s view, “deterrent’ […] comprises by nature, and historically (see the PIF Convention) a criminal law dimension, since criminal law is needed as a basis to create a risk for potential perpetrators to be caught under embarrassing circumstances, and thus disincentive to commit the illegal act in first place”.39 The Commission further argued that Art.325 TFEU differently from its pre-Lisbon version (Art. 280 TEC), no longer excludes expressly the adoption of measures “impacting on national criminal law.40 It, therefore, constitutes the legal basis for adopting criminal law measures for the protection of the financial interests of the EU and a lex specialis compared to the Treaty provisions of Title V. Finally, the Commission emphasized that Art. 325 TFEU provides for the protection of the EU’s financial interests “against all angles of illegal attacks which can be envisaged”41 and it is not limited only to the adoption of “minimum rules”.

The reasoning of the Commission, in particular its claim on the comprehensive competence laid down in Art. 325 TFEU demonstrates that omitting the criminal liability of heads of businesses from the PIF Directive was not motivated by considerations linked to the competence to legislate.

It is interesting to note, that the Commission’s choice for the legal basis was contested by the Council. The Council’s Legal Service (CLS) rejected the argument on the lex specialis character of Art. 325 TFEU and the teleological interpretation of the term “deterrent”.42 Instead it restated the horizontal application of Art. 83(2) TFEU for the adoption of criminal law provisions for the enforcement of all already harmonized Union policies including the protection of the EU’s financial interests. The CLS recalled, in particular, the Final Report of Working Group X “Freedom, Security and Justice” of the European Convention that expressly referred to the protection of the EU’s financial interests within the scope of the Title V provisions.43

The Council’s intervention resulted in changing the legal basis of the PIF Directive: Art. 325(4) TFEU was replaced by Art. 83(2) TFEU.44 This new legal basis however is limited to adoption of “minimum rules with regard to the definition of criminal offences and sanctions”. Art. 83 TFEU does not provide for adopting rules on the general part of substantive criminal law.

Irrespective of this limitation, the recent instruments enacted on the basis of Art. 83(1) TFEU45 not only lay down the definition of constitutive elements of the offence and penalties, but they all require the criminalization of incitement, aiding and abetting and, more importantly, to provide for the liability of legal persons. One can, therefore, argue that even the new legal basis would allow the EU to legislate on the criminal liability of the head of business.

IV. Punitive Liability of Heads of Business in the Financial Sector

The financial crisis provoked a lively public debate over the individual liability of senior managers in the banking and financial industry who were commonly regarded as the real source of corporate wrongdoing. This led the EU legislature to start elaborating a framework for the punitive liability of natural persons in the area of financial and banking services.

In particular, the recently adopted legal framework on prudential supervision of credit institutions and investment firms applicable to all 28 Member States, the so called CRD IV package,46contains important provisions on punitive administrative sanctions against natural persons. Art. 9 (1) of the Capital Requirements Directive IV (CRD IV) prohibits persons or undertakings that are not credit institutions, from carrying out the business of taking deposits or other repayable funds from the public. According to Art. 66 (2) d CRD IV Member States have to ensure that in case of violation of this prohibition administrative penalties can be applied against natural persons. Administrative pecuniary penalties can go up to EUR 5 million. Subsection 5 of the EU Regulation on prudential requirements47 stipulates uniform rules on corporate governance that specify the division of duties and decision-making powers concerning credit institutions and investment firms falling in the scope of the Regulation. It spells out the duties of senior managers, the breach of which may lead to the mentioned administrative sanctions.

Since the CRD IV is a Directive, it has to be implemented into national law of the Member States. Therefore, the national laws of the Member States have to define and detail the conducts that represent a breach of the prohibition laid down in Art. 9 (1) CRD IV, as well as the scope of persons to whom the conduct rules apply. In addition, the national implementing legislation must define also the criteria for imposing punitive sanctions on natural persons in accordance with Art. 66 (2) d CRD IV. It has to stipulate, in particular, the mens rea requirements.

To sum up, the CRD IV package requires Member States to provide for punitive liability of individuals for violation of rules of prudential supervision. National implementing legislation across the EU has to henceforth provide for the punitive liability of natural persons. The EU legislature, however, once again has refrained from setting uniform standards for the punitive liability of managers.

V. Concluding Remarks

To date, punitive liability of senior managers across Europe still appears largely unsatisfactory and, to a certain extent, at odds with the role that corporations and their representatives have assumed in present-day societies.

In general, and beyond the provisions related to the criminal law protection of the EU budget, the diversity of national legislation and practice enhances the risk of ineffective law enforcement and legal uncertainty. The divergent conceptual shape of punitive liability of heads of business impedes the well-functioning operation of the internal market and hampers cooperation between the criminal justice authorities of the Member States. The nationally oriented approaches and the current absence of a level playing field create opportunities for abuse by criminals and for avoiding liability.

The fragmentation of laws is also problematic from the perspective of the legal protection of the head of business concerned. Due to the scattered national approaches, heads of business working for corporations that are active in several EU Member States are confronted with diverging national rules, for instance on due diligence. This leads to problems related to the principle of individual guilt (nulla poena sine culpa), the principle of legal certainty (lex certa), the principle of nebis in idem, and the presumption of innocence.48

There is a need to clarify and to critically rethink the punitive liability of heads of businesses from the perspective of the integrated legal order of the EU. The scope and the conditions of the liability of heads of businesses should be addressed in a coherent manner in the Area of Freedom, Security and Justice considering both criminal and punitive administrative law and taking into account at the same time the legal protection of the individual head of business concerned.

See the Preamble to the Convention on the protection of the European Communities’ financial interests of 1995 (“PIF Convention”) O.J. C 316, 27 November 1995.↩

Commission of the European Communities, Commission Staff Working Paper Annex to the Second Report from The Commission: Implementation by Member States of the Convention on the Protection of the European Communities’ Financial Interests and its Protocols - Article 10 of the Convention, COM(2008) 188, 14 February 2008, p. 45 ff.↩

Second Protocol of the Convention on the protection of the European Communities’ financial interests, O.J. C 221, 19 July 1997. The subject matter of the Protocol referred to money laundering, but Art. 3 obliged Member States to introduce the liability of legal persons with regard to money laundering, fraud and active corruption. The fact that the PIF Convention originally did not contain provisions on the liability of legal persons is explicable by the attitude of the majority of the Member States that considered corporate criminal liability a red flag against approximation of criminal law. See details in J.A.E. Vervaele, Fraud against the European Community: The need for European fraud legislation, Kluwer, 1992, p. 313.↩

European Commission, Proposal for a Directive of the European Parliament and of the Council on the Fight against Fraud to the Union's Financial Interests by Means of Criminal Law, COM(2012) 363 final, 11 July 2012.↩

“Lisbonisation” of an act refers to the legislative process by which acts of the former Third Pillar are repealed, annulled or amended. On the concept of “Lisbonisation” see T. Blanche, ‘The genesis of Protocol 36’, forthcoming in New Journal of European Criminal Law, 2015, Issue 4.↩

A. Keay, ‘The Public Enforcement of Directors’ Duties: A Normative Enquiry’, in Common Law World Review 2014, p. 89 ff.↩

The discussion on the responsibility of heads of businesses for the bankruptcy of a company is long-standing – see, indicatively: R.K.S. Rao, D.S. Sokolow and D. White, ‘Fiduciary Duty a la Lyonnais: An Economic Perspective on Corporate Governance in a Financially Distressed Firm’, in Journal of Corporate Law, 1997, p. 53 ff.; J.C. Lipson, ‘The Expressive Function of Directors’ Duties to Creditors’, in Stanford Journal of Law, Business and Finance, 2007, p. 224 ff.↩

M. Delmas-Marty, ‘Incompatibilities between Legal Systems and Harmonisation Measures: Final Report of the Working Party on a Comparative Study on the Protection of the Financial Interests of the Community’, in Commission of the European Communities, The Legal Protection of the Financial Interests of the Community: Progress and Prospects since the Brussels seminar of 1989, 1993, p. 71.↩

Convention on the fight against corruption involving officials of the European Communities of officials of Member States of the European Union, O.J. C 195, 25 June 1997.↩

Protocol to the Convention on the protection of the European Communities’ financial interests, O.J. C 313, 23 October 1996.↩

Commission of the European Communities, Report from the Commission: Implementation by Member States of the Convention on the Protection of the European Communities’ Financial Interests and its Protocols - Article 10 of the Convention, COM (2004) 709 final, 25 October 2004, pp. 5-6; Commission of the European Communities, Second Report from The Commission: Implementation by Member States of the Convention on the Protection of the European Communities’ Financial Interests and its Protocols - Article 10 of the Convention, COM (2008) 77 final, 14 February 2008, p.3.↩

Commission of the European Communities, Report from the Commission: Implementation by Member States, op. cit., pp. 5.↩

Commission of the European Communities, Second Report from The Commission, cit., 14 February 2008, p.3.↩

Art. 83 TFEU does not contain a legal basis for EU competence to approximate the general part of criminal law. See H. G. Nilsson, ‘How to combine minimum rules with maximum legal certainty?’, in Europarättslig Tidskrift, 2011, p. 669; A. Klip, European Criminal Law. An Integrative Approach, 2nd Ed., Intersentia, 2012, p. 167 -168, recognizes that the literal reading of the legal basis suggests a competence only for the “special part”, but points out that “it will be inevitable to deal with the general part related issues if one deals with both definition and sanctions”.↩

At the international level, the only definition of “person with a leading position” for the purpose of criminal law is provided in Art. 18 par. 1 of the 1999 Criminal Law Convention on Corruption of the Council of Europe, ETS 173.↩

The Explanatory Notes of the Corpus Juris stressed that criminal liability of heads of businesses was “necessary in economic and financial matters”, but did not further detail their reasons. See M. Delmas-Marty – J.A.E. Vervaele (Eds.), The Implementation of the Corpus Juris in the Member States, Vol. I, Intersentia, 2000, p. 73 ff.↩

Art. 13 in the version of 1997; the provision, with an identical text, was later renumbered into Art. 12 of the 2000 version.↩

According to the Explanatory Notes of the Corpus Juris this liability required the “individual fault of the decision-maker who consciously allowed the offence to take place”. See M. Delmas-Marty – J.A.E. Vervaele (Eds.), The Implementation of the Corpus Juris in the Member States, op. cit., p. 74.↩

European Commission, Commission Staff Working Paper – Impact Assessment accompanying the document Proposal for a Directive on the Fight against Fraud to the Union's Financial Interests by Means of Criminal Law, SWD (2012) 195 final, 11 July 2012, p. 16.↩

See the Interinstitutional File 2012/0193 (COD). The General Approach agreed in the Council is currently set out in Doc. 10729/13, 10 June 2013.↩

For the positon and the debate in the European Parliament, see the European Parliament First Reading Report on the Proposal for a PIF Directive, A7-0251/2014, 25 March 2014.↩

Council Legal Service, Opinion on the Legal basis for the PIF Directive, Doc. 15309/12, 22 October 2012.↩

See the Final Report of Working Group X “Freedom, Security and Justice” to the European Convention, CONV 426/02, 2 December 2002, p. 10. The CLS recalled the “protective mechanisms” of Art. 83(2) TFEU (emergency brake and the opt-out regime). Accordingly, “a change of the legal basis would be tantamount to circumventing this protective mechanism established by the Treaty”.↩

Interesting to note that the European Parliament - notwithstanding the opinion of its Committee on Legal Affairs - supported the Commission’s choice for Art. 325 TFEU. See the European Parliament First Reading Report, cit.↩

Directive 2011/36/EU on preventing and combating trafficking in human beings and protecting its victims, and replacing Council Framework Decision 2002/629/JHA, O.J. L 101, 15 April 2011; Directive 2013/40/EU on attacks against information systems and replacing Council Framework Decision 2005/222/JHA, O.J. L 218, 14 August 2013; Directive 2014/62/EU on the protection of the euro and other currencies against counterfeiting by criminal law, and replacing Council Framework Decision 2000/383/JHA, O.J. L 151, 21 May 2014.↩

Directive 2013/36/EU on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, op. cit.↩